Report date: December 15, 2008
Date posted: December 15, 2008
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.
Tip: highlight any link below to reveal the criticality or priority.
None relevant
back [SA33089] Internet Explorer Data Binding Memory Corruption Vulnerability
back [SA33035] Microsoft Internet Explorer Multiple Vulnerabilities
back [SA33020] Microsoft Windows GDI Image Parsing Vulnerabilities
back [SA33080] CF Shopkart SQL Injection and Database Disclosure
back [SA33074] CF_Calendar "calid" SQL Injection Vulnerability
back [SA33070] CFMBlog "categorynbr" SQL Injection Vulnerability
back [SA33067] PostEcards "cid" SQL Injection and Database Disclosure
back [SA33064] CF_Forum "categorynbr" SQL Injection Vulnerability
back [SA33063] Microsoft Office SharePoint Server Security Bypass Vulnerability
back [SA33053] Microsoft Windows Explorer Search Handling Vulnerabilities
back [SA33044] Poll Pro "Password" SQL Injection Vulnerability
back [SA33030] Professional Download Assistant SQL Injections and Database Disclosure
back [SA33029] Ikon AdManager "ikonBAnner_AdManager.mdb" Database Disclosure
back [SA33018] Educate Server "db.mdb" Database Disclosure Security Issue
back [SA33012] RankEm "txtusername" and "txtpassword" SQL Injection Vulnerabilities
back [SA33011] NightFall Personal Diary Database Disclosure and Cross-Site Scripting
back [SA33009] Teamworx Server SQL Injection and Database Disclosure
back [SA33008] QMail Mailing List Manager Database Disclosure
back [SA33004] ASP Auto Dealer "ID" SQL Injection Vulnerability
back [SA33060] 3CX Phone System "fName" and "fPassword" Cross-Site Scripting
back [SA33034] Microsoft SQL Server 2000 "sp_replwritetovarbin()" Buffer Overflow
back [SA33017] Orb Networks Orb HTTP Processing Denial of Service
back [SA33058] Microsoft Windows Media Products Two Vulnerabilities
back [SA33056] Fedora update for java-1.6.0-openjdk
back [SA33054] Fedora update for squirrelmail
back [SA33040] TWiki Cross-Site Scripting and Command Injection Vulnerabilities
back [SA33015] Red Hat update for java-1.5.0-sun / java-1.6.0-sun
back [SA33120] Sun Java System Portal Server File Disclosure Vulnerability
back [SA33108] Sun Ray Server Software Two Vulnerabilities
back [SA33104] HP-UX DCE Unspecified Denial of Service Vulnerability
back [SA33094] SUSE update for pdns
back [SA33093] SUSE update for squirrelmail
back [SA33091] SUSE update for gnutls
back [SA33087] SUSE Update for Multiple Packages
back [SA33082] Ubuntu update for vinagre
back [SA33071] Debian update for squirrelmail
back [SA33066] Debian update for lcms
back [SA33061] Debian update for streamripper
back [SA33052] Red Hat update for tomcat
back [SA33050] Sun Solaris OpenSSL PKCS#11 Denial of Service Vulnerability
back [SA33046] Fedora update for vinagre
back [SA33041] Vinagre "vinagre_utils_show_error()" Format String Vulnerability
back [SA33016] Debian update for clamav
back [SA33013] Red Hat update for ruby
back [SA33010] SUSE update for kernel
back [SA33111] Gentoo update for cups
back [SA33085] Avaya Messaging Storage Server CUPS Multiple Vulnerabilities
back [SA33116] Gentoo update for Archive-Tar
back [SA33115] Gentoo update for opensc
back [SA33121] Sun Solaris SSH CBC Mode Plaintext Recovery Vulnerability
back [SA33095] Avaya Products Net-snmp GETBULK Denial of Service
back [SA33092] SUSE update for samba
back [SA33006] Ubuntu update for nfs-utils
back [SA33119] Sun Ray Windows Connector Information Disclosure Vulnerability
back [SA33055] Fedora update for dbus
back [SA33051] Gentoo update for mgetty
back [SA33047] D-Bus Default Configuration Security Bypass
back [SA33005] Avaya Products ed "strip_escapes()" Buffer Overflow Security Issue
back [SA33083] rPath update for kernel
back [SA33081] Ubuntu update for compiz-fusion-plugins-main
back [SA33078] Linux Kernel MIPS Syscall Denial of Service
back [SA33077] Compiz Fusion Expo Plugin Security Bypass
back [SA33032] Linksys WVC54GC Information Disclosure and ActiveX Control Buffer Overflow
back [SA33057] Aruba Mobility Controller EAP Frame Denial of Service
back [SA33028] HP DECnet-Plus for OpenVMS Security Bypass
back [SA33043] DesignWorks Professional ".cct" Buffer Overflow Vulnerability
back [SA33007] Tizag Countdown Creator File Upload Vulnerability
back [SA33112] Drupal Cross-Site Request Forgery and Script Insertion
back [SA33106] Max's Guestbook "name" and "email" Script Insertion
back [SA33097] eZ Publish Insufficient User ID Validation Vulnerability
back [SA33096] Webmaster Marketplace "u" SQL Injection Vulnerability
back [SA33088] Pro Chat Rooms Cross-Site Scripting and Script Insertion
back [SA33086] Butterfly Organizer "id" and "mytable" SQL Injection Vulnerabilities
back [SA33084] Atlassian JIRA Dynamic URL Transformation Vulnerability
back [SA33073] Peel "rubid" SQL Injection vulnerability
back [SA33065] PHP Multiple Newsletters File Inclusion and Cross-Site Scripting
back [SA33048] XOOPS Script Insertion and Local File Inclusion
back [SA33039] IPN Pro 3 "settings.php" Security Bypass Vulnerability
back [SA33038] DL PayCart "settings.php" Security Bypass Vulnerability
back [SA33037] Bonza Cart "ad_settings.php" Security Bypass Vulnerability
back [SA33033] w3blabor CMS Multiple Vulnerabilities
back [SA33031] phpBB Tag Board Module "id" SQL Injection Vulnerability
back [SA33027] phpAddEdit "editform" Local File Inclusion Vulnerability
back [SA33024] BPowerHouse Multiple Products "page" and "admin" Local File Inclusion
back [SA33021] Tribiq CMS "cID" SQL Injection Vulnerability
back [SA33019] Multiple Membership Script "id" SQL Injection Vulnerability
back [SA33014] phpPgAdmin "_language" Local File Inclusion Vulnerability
back [SA33049] BMC PATROL Version Logging Format String Vulnerability
back [SA33079] Moodle Unspecified Cross-Site Scripting Vulnerability
back [SA33076] phpMyAdmin Cross-Site Request Forgery Vulnerability
back [SA33069] PhPepperShop Webshop Multiple Cross-Site Scripting Vulnerabilities
back [SA33023] ImpressCMS "rank_title" Script Insertion Vulnerability
back [SA33022] IBM WebSphere Application Server Multiple Vulnerabilities
back [SA33062] Google Gears Cross-Site Scripting Weakness
back [SA33059] PunBB Cross-Site Scripting and SQL Injection Vulnerabilities
back [SA33025] Tor Two Weaknesses
Secunia Bulletin - 2008-50
CERT Bulletin - SB08-350
BULLETIN DETAIL
Secunia Bulletin
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2008-12-10
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33089/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-09
Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33035/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-09
Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33020/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-12-11
AlpHaNiX has reported a vulnerability and a security issue in CF Shopkart, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33080/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-11
AlpHaNiX has reported a vulnerability in CF_Calendar, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33074/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-11
AlpHaNiX has reported a vulnerability in CFMBlog, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33070/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information
Released: 2008-12-10
AlpHaNiX has reported a vulnerability and a security issue in PostEcards, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33067/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-11
AlpHaNiX has reported a vulnerability in CF_Forum, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33064/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-09
A vulnerability has been reported in Microsoft Office SharePoint Server, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33063/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-09
Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33053/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-09
A vulnerability has been reported in Poll Pro, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33044/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-12-09
A security issue and some vulnerabilities have been discovered in Professional Download Assistant, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33030/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-08
Ghost Hacker has discovered a security issue in Ikon AdManager, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33029/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-08
ZoRLu has reported a security issue in Educate Server, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33018/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-12-08
OffensiveTrack has discovered some vulnerabilities in RankEm, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33012/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2008-12-08
OffensiveTrack has discovered a vulnerability and a security issue in Nightfall Personal Diary, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33011/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-12-08
ZoRLu has reported a vulnerability and a security issue in Teamworx Server, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33009/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-09
A security issue has been discovered in QMail Mailing List Manager, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33008/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-08
OffensiveTrack has reported a vulnerability in ASP Auto Dealer, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33004/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-09
Chris Castaldo has discovered some vulnerabilities in 3CX Phone System, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33060/
Critical: Less critical
Where: From local network
Impact: Privilege escalation
Released: 2008-12-09
Bernhard Mueller has discovered a vulnerability in Microsoft SQL Server 2000, which can be exploited by malicious users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33034/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-12-08
A vulnerability has been reported in Orb Networks Orb, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33017/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, System access
Released: 2008-12-09
Two vulnerabilities have been reported in several Microsoft Windows Media products, which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33058/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-12-08
Fedora has issued an update for java-1.6.0-openjdk. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33056/
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2008-12-08
Fedora has issued an update for squirrelmail. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system and conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33054/
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2008-12-08
Some vulnerabilities have been reported in TWiki, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33040/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-12-05
Red Hat has issued an update for java-1.5.0-sun and java-1.6.0-sun. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33015/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-11
Sun has acknowledged a vulnerability in Sun Java System Portal Server, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33120/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-11
Sun has acknowledged two vulnerabilities in Sun Ray Server Software, which can be exploited by malicious, local users or by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33108/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-11
A vulnerability has been reported in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33104/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-10
SUSE has issued an update for pdns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33094/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-10
SUSE has issued an update for squirrelmail. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33093/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing
Released: 2008-12-10
SUSE has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33091/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, DoS
Released: 2008-12-10
SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and bypass certain security restrictions, and malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33087/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-10
Ubuntu has issued an update for vinagre. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33082/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-09
Debian has issued an update for squirrelmail. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33071/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-10
Debian has issued an update for lcms. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33066/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-09
Debian has issued an update for streamripper. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33061/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2008-12-08
Red Hat has issued an update for tomcat. This fixes a security issue and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33052/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-08
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33050/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-08
Fedora has issued an update for vinagre. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33046/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-08
A vulnerability has been discovered in Vinagre, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33041/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-05
Debian has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33016/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-05
Red Hat has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33013/
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2008-12-05
SUSE has issued an update for the kernel. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service) and malicious people to cause a DoS or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33010/
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-12-11
Gentoo has issued an update for cups. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33111/
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-12-10
Avaya has acknowledged some vulnerabilities in Messaging Storage Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33085/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-12-11
Gentoo has issued an update for Archive-Tar. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33116/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-11
Gentoo has issued an update for opensc. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33115/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-12-11
Sun has acknowledged a vulnerability in Solaris, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33121/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-12-10
Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33095/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-12-10
SUSE has issued an update for samba. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33092/
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2008-12-05
Ubuntu has issued an update for nfs-utils. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33006/
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2008-12-11
Sun has acknowledged a vulnerability in Sun Ray Windows Connector, which can be exploited by malicious, local users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33119/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-12-08
Fedora has issued an update for dbus. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33055/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-08
Gentoo has issued an update for mgetty. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33051/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-12-08
A security issue has been reported in D-Bus, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33047/
Critical: Not critical
Where: From remote
Impact: System access
Released: 2008-12-05
Avaya has acknowledged a security issue in various Avaya products, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33005/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-12-10
rPath has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33083/
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2008-12-09
Ubuntu has issued an update for compiz-fusion-plugins-main. This fixes a security issue, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33081/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-12-09
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33078/
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2008-12-09
A security issue has been reported in Compiz Fusion, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33077/
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, System access
Released: 2008-12-08
A security issue and a vulnerability have been reported in Linksys WVC54GC, which can be exploited by malicious people to disclose system and sensitive information and to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33032/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-09
A vulnerability has been reported in Aruba Mobility Controller, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33057/
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2008-12-09
A weakness has been reported in HP DECnet-Plus for OpenVMS, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33028/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-08
Cn4phux has discovered a vulnerability in DesignWorks Professional, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33043/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-08
ahmadbady has discovered a vulnerability in Tizag Countdown Creator, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33007/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-11
Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33112/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-11
GTADarkDude has discovered some vulnerabilities in Max's Guestbook, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33106/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-11
A vulnerability has been reported in eZ Publish, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33097/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-11
Hussin X has reported a vulnerability in Webmaster Marketplace, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33096/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-11
ZynbER has reported some vulnerabilities in Pro Chat Rooms, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33088/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-11
Osirys has discovered some vulnerabilities in Butterfly Organizer, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33086/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-10
A vulnerability has been reported in Atlassian JIRA, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33084/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-10
SuB-ZeRo has reported a vulnerability in Peel, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33073/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2008-12-10
Ahmadbady has discovered some vulnerabilities in PHP Multiple Newsletters, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33065/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2008-12-08
Some vulnerabilities have been reported in XOOPS, which can be exploited by malicious users to conduct script insertion attacks and malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33048/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-10
G4N0K has reported a vulnerability in IPN Pro 3, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33039/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-10
G4N0K has reported a vulnerability in DL PayCart, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33038/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-10
G4N0K has reported a vulnerability in Bonza Cart, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33037/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Released: 2008-12-09
DNX has discovered a vulnerability and a security issue in w3blabor CMS, which can be exploited by malicious people to compromise a vulnerable system and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33033/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-09
Athos has discovered a vulnerability in the Tag Board module for phpBB, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33031/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-12-11
Nuclear has discovered a vulnerability in phpAddEdit, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33027/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-12-08
cOndemned has discovered some vulnerabilities in multiple BPowerHouse products, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33024/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-05
M4ck-h@cK has discovered a vulnerability in Tribiq CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33021/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-08
ViRuS_HaCkErS has reported a vulnerability in Multiple Membership Script, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33019/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-12-08
Dun has discovered a vulnerability in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33014/
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-12-09
A vulnerability has been reported in BMC PATROL, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33049/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-11
A vulnerability has been reported in Moodle, which can be exploited by malicious users to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33079/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-10
A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33076/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-09
Some vulnerabilities have been reported in PhPepperShop Webshop, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33069/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-05
Muhaimin Dzulfakar has discovered a vulnerability in ImpressCMS, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33023/
Critical: Less critical
Where: From remote
Impact: Unknown, Exposure of sensitive information
Released: 2008-12-08
Some vulnerabilities have been reported in IBM WebSphere Application Server, where some have an unknown impact and others can be exploited by malicious people to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/33022/
Critical: Not critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-09
Yair Amit has reported a weakness in Google Gears, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33062/
Critical: Not critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-12-09
Some vulnerabilities have been reported in PunBB, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33059/
Critical: Not critical
Where: From remote
Impact: Security Bypass, Privilege escalation
Released: 2008-12-05
Two weaknesses have been reported in Tor, which can be exploited by malicious, local users to potentially perform certain actions with escalated privileges or by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33025/